Senior Application Security Analyst

Here at Metrobank Group, we don't simply hire employees—we hone future leaders. We provide opportunities that enhance your skills and unlock your talents, helping you evolve into a well-rounded individual. We supply you with all the pieces you need to do your best work, unleashing your full potential to help you secure your future and lead a fulfilling career. And with Metrobank Group's strong heart for the community, you have the chance to give back and make worthwhile contributions to our nation's economic and social development. With Metrobank Group, a meaningful life is within your reach!

 

Position Title: Senior Application Security Analyst

 

Job Summary: 

 

The Senior Application Security Analyst will assist the Application Security Engineer in finding application vulnerabilities by performing application security testing of bank applications, in promoting
good security practices within applications, and in designing and developing application security testing methodologies to fit the bank’s evolving application security requirements. The role Ensures that all applicable controls are in place on all bank applications to preserve the confidentiality and integrity of all information stored, processed or exchanged by these bank applications, without adversely affecting the availability of or the processes that use this information.

 

Role Exposure: 

  • Handle multiple application security testing engagements, both internal and external to the bank
  • Be exposed to other Information Security Domains (e.g. Access Control Security, Cyber Security, Information Risk Management, Security Engineering, Security Policies, etc.)
  • Attends job-related conferences, seminars and training programs

 

Qualifications:

 

  • At least five (5) years of solid Application Security Pen Testing experience (i.e. Web, Mobile and APIs)
  • Certified/Licensed Application Penetration Tester or equivalent certification is required (e.g. EJPT, CEH, ECSA, LPT, etc.)
  • Capable of performing both manual and automated penetration testing using an array of testing tools (e.g. Burp Suite, OWASP ZAP, Acunetix, Qualys, Postman, SOAPUI, MobSF, KALI Linux, etc.)
  • Firm understanding of OWASP TOP 10 for Web, Mobile and APIs.
  • Familiarity with OWASP ASVS, MASVS and their equivalent testing guides
  • Excellent project management and technical writing skills

 

Other Details:

  • Rank: Junior Officer
  • Department: Information Security Division
  • Location: PSBank Head Office (Makati) 
  • This role is for Philippine Savings Bank (PSBank)